communityDB

Privacy Policy

How we handle your information

Effective June 10, 2026

communityDB (“communityDB,” “we,” “us”) is a product of Devups Co, a Delaware company. This Privacy Policy explains what information we collect when you use communityDB, how we use it, and the choices you have. If anything here is unclear, write to us at mike@devups.dev.

1. Information we collect

Information you give us

  • Account information — your email address, display name, username, and (if you sign in with Google) the basic profile data Google shares as part of OAuth (name, email, profile picture).
  • Community content — the communities, directory items (resources, news, people, events), tags, comments, recommendations, and other content you create inside communityDB.
  • Recommendation recipients — when you send a recommendation, we store the recipient’s email (or member ID), the items shared, and any note you wrote.
  • Communications — if you email us, we’ll have the contents of that conversation.

Information from Google when you connect your contacts

communityDB offers an optional feature that lets you search your Google Contacts inline when picking a recipient for a recommendation. You control whether this is enabled. If you choose to connect, Google asks for your consent before sharing any data. With your permission, we request the https://www.googleapis.com/auth/contacts.readonly scope. This gives us read-only access to your contacts so that, when you type a name in the recipient field, we can show matching contacts as autocomplete suggestions.

We do not store your contacts in our database. Each search calls the Google People API on-demand using your access token; we hold the results in memory only for as long as it takes to render them in the picker. We do persist the OAuth tokens themselves (access token and refresh token) so that we can make those on-demand calls without re-prompting you each time. You can disconnect at any time from your Google Account permissions page, which immediately revokes our access.

Information collected automatically

  • Usage data — pages viewed, features used, approximate timing of actions. We use this to improve the product.
  • Device and log data — IP address, browser type, operating system, and request logs needed to operate and secure the service.
  • Cookies — session cookies for authentication, and a small number of functional cookies (such as remembering which community you most recently viewed). We do not use advertising cookies.

2. How we use information

  • To operate and improve communityDB’s features.
  • To authenticate you and protect your account.
  • To send transactional email — for example, a notification when someone recommends a resource to you, or a copy of a recommendation you sent.
  • To respond when you contact us.
  • To detect, investigate, and prevent fraud, abuse, or security incidents.
  • To comply with legal obligations.

3. Google API Services User Data Policy

communityDB’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide or improve user-facing features that are prominent in the requesting application’s user interface — in our case, the recipient picker for sharing a recommendation.
  • We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read Google user data unless: (a) we have your affirmative agreement for specific data; (b) it is necessary for security purposes (such as investigating abuse); (c) it is necessary to comply with applicable law; or (d) the data is aggregated and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements.
  • We do not use Google user data to develop, improve, or train generalized or non-personalized AI and/or machine learning models.
  • We do not sell Google user data.

4. How we share information

We do not sell your personal information. We share information only in these limited cases:

  • With other users, at your direction. When you create directory items or send recommendations, the relevant content is visible to the people you share it with or, for community content, to other members of the community as the community’s settings allow.
  • With service providers who help us operate communityDB. These include Supabase (database, authentication, and storage), Vercel (hosting), Resend (transactional email), and Stripe (payment processing, if and when paid plans are introduced). These providers are bound by contractual obligations to protect your information and use it only for the services they provide to us.
  • For legal reasons — if we’re required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect rights, property, or safety.
  • In connection with a business transaction — if Devups Co is involved in a merger, acquisition, or asset sale, your information may transfer as part of that transaction. We’ll notify you before your information becomes subject to a different privacy policy.

5. Data retention

We keep your account information and content for as long as your account is active. If you delete your account, we delete your personal information within 30 days, except where we’re required to retain it for legal, accounting, or fraud-prevention reasons. Backups containing your data may persist for a short additional period before being overwritten in our normal backup rotation.

OAuth tokens for connected Google Contacts are deleted when you disconnect or when your account is deleted, whichever comes first.

6. Security

We use industry-standard safeguards to protect your information: TLS for data in transit, encryption at rest for our database, RLS (row-level security) policies to enforce per-user access in the database, and least-privilege access for our team. No system is perfectly secure, and we can’t guarantee absolute security, but we take reasonable steps and notify affected users in the event of a material breach.

7. Your rights and choices

  • Access and correction — you can view and edit your profile and content directly in the app.
  • Deletion — you can delete your account from your settings; we’ll remove your personal information as described in “Data retention” above.
  • Disconnect Google Contacts — revoke access from your Google Account permissions page at any time. Our copy of your tokens becomes useless the moment you revoke and is purged on next use.
  • Email preferences — every transactional email contains an unsubscribe or notification-settings link.
  • California residents (CCPA / CPRA) — you have rights to know what personal information we hold, request deletion, request correction, and not be discriminated against for exercising these rights. To exercise any of these, email mike@devups.dev.
  • European Economic Area, UK, and Switzerland residents (GDPR / UK GDPR) — you have rights of access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is the performance of our contract with you (to provide the service) and our legitimate interests in operating and improving communityDB. You can lodge a complaint with your local data protection authority.

8. International data transfers

communityDB is operated from the United States, and your information is processed and stored on infrastructure provided by Supabase and Vercel, primarily in US regions. If you’re accessing communityDB from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country.

9. Children

communityDB is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you become aware that a child has provided us with personal information, please contact us and we’ll delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we’ll notify you by email or by a notice in the app before the change takes effect. The “Effective” date at the top reflects the most recent revision.

11. How to contact us

For any questions or requests related to this Privacy Policy, please write to:

Devups Co
Attn: Privacy
Email: mike@devups.dev